CVE-2024-20457

Published: Nov 6, 2024Modified: Aug 7, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: psirt@cisco.com (Secondary)

Description

A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device.

Affected (42)

Products: Cisco: Unified Communications Manager Im And Presence Service

Cisco

1 product

Unified Communications Manager Im And Presence Service

Configuration A

42 vulnerable

Vulnerable Software	Affected Versions
Cisco Unified Communications Manager Im And Presence Service	Version 10.0(1)
Cisco Unified Communications Manager Im And Presence Service	Version 10.0(1)su1
Cisco Unified Communications Manager Im And Presence Service	Version 10.0(1)su2
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(1)
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(1)su1
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(1)su2
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(1)su3
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(2)
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(2)su1
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(2)su2
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(2)su2a
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(2)su3
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(2)su4
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(2)su4a
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(2a)
Cisco Unified Communications Manager Im And Presence Service	Version 10.5(2b)
Cisco Unified Communications Manager Im And Presence Service	Version 11.0
Cisco Unified Communications Manager Im And Presence Service	Version 11.0(1)
Cisco Unified Communications Manager Im And Presence Service	Version 11.0(1)su1
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su10
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su11
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su1
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su2
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su3
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su3a
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su4
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su5
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su5a
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su6
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su7
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su8
Cisco Unified Communications Manager Im And Presence Service	Version 11.5(1)su9
Cisco Unified Communications Manager Im And Presence Service	Version 12.5(1)
Cisco Unified Communications Manager Im And Presence Service	Version 12.5(1)su1
Cisco Unified Communications Manager Im And Presence Service	Version 12.5(1)su2
Cisco Unified Communications Manager Im And Presence Service	Version 12.5(1)su3
Cisco Unified Communications Manager Im And Presence Service	Version 12.5(1)su4
Cisco Unified Communications Manager Im And Presence Service	Version 12.5(1)su5
Cisco Unified Communications Manager Im And Presence Service	Version 12.5(1)su6
Cisco Unified Communications Manager Im And Presence Service	Version 12.5(1)su7
Cisco Unified Communications Manager Im And Presence Service	Version 12.5(1)su8

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (1)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n

Source: psirt@cisco.com

Vendor Advisory

Timeline

No history available yet.